Optimasi dan Compile Kernel FreeBSD

Hal terpenting sebelum melakukan optimasi dan compile kernel adalah mengetahui semua perangkat yang ada pada mesin server atau komputer serta memastikan apakah perangkat tersebut benar-benar dibutuhkan. Mengetahui perangkat yang aktif pada mesin FreeBSD dapat menggunakan perintah :

server# dmesg

Copyright (c) 1992-2009 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.2-STABLE #0: Mon Sep 7 01:09:43 WIT 2009
root@server.devilian.com:/usr/obj/usr/src/sys/GENERIC
Timecounter “i8254″ frequency 1193182 Hz quality 0
CPU: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz (1999.75-MHz 686-class CPU)
Origin = “GenuineIntel” Id = 0x6f2 Stepping = 2
Features=0x78bf3bf
Features2=0×9
real memory = 536805376 (511 MB)
avail memory = 511279104 (487 MB)
pnpbios: Bad PnP BIOS data checksum
kbd1 at kbdmux0
acpi0: on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: Sleep Button (fixed)
Timecounter “ACPI-safe” frequency 3579545 Hz quality 850
acpi_timer0: <32-bit timer at 3.579545MHz> port 0×4008-0x400b on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
isab0:
at device 1.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0×170-0×177,0×376,0xd000-0xd00f at device 1.1 on pci0
ata0: on atapci0
ata0: [ITHREAD]
ata1: on atapci0
ata1: [ITHREAD]
vgapci0: mem 0xe0000000-0xe07fffff at device 2.0 on pci0
em0: port 0xd010-0xd017 mem 0xf0000000-0xf001ffff irq 11 at device 3.0 on pci0
em0: [FILTER]
em0: Ethernet address: 08:00:27:09:12:15
pci0: at device 4.0 (no driver attached)
pci0: at device 7.0 (no driver attached)
em1: port 0xd040-0xd047 mem 0xf0820000-0xf083ffff irq 10 at device 8.0 on pci0
em1: [FILTER]
em1: Ethernet address: 08:00:27:29:16:ed
acpi_acad0: on acpi0
atkbdc0: port 0×60,0×64 irq 1 on acpi0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: does not respond
device_attach: fdc0 attach returned 6
psm0:
irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: [ITHREAD]
psm0: model IntelliMouse Explorer, device ID 4
fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: does not respond
device_attach: fdc0 attach returned 6
pmtimer0 on isa0
orm0: at iomem 0xc0000-0xc8fff,0xe2000-0xe2fff pnpid ORM0000 on isa0
ppc0: parallel port not found.
sc0: at flags 0×100 on isa0
sc0: VGA <16 virtual consoles, flags=0×300>
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0 at port 0x3f8-0x3ff irq 4 flags 0×10 on isa0
sio0: type 8250 or not responding
sio0: [FILTER]
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter “TSC” frequency 1999751824 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 20480MB at ata0-master UDMA33
acd0: DVDROM at ata1-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a

server# cd /sys/i386/conf/
server# cp GENERIC FIREWALL
server# ee FIREWALL

Isi file FIREWALL

cpu             I686_CPU
ident           FIREWALL
makeoptions     DEBUG=-g
options         SCHED_ULE
options         PREEMPTION
options         INET
options         INET6
options         SCTP
options         FFS
options         SOFTUPDATES
options         UFS_ACL
options         UFS_DIRHASH
options         UFS_GJOURNAL
options         MD_ROOT
options         NFSCLIENT
options         NFSSERVER
options         NFSLOCKD
options         NFS_ROOT
options         MSDOSFS
options         CD9660
options         PROCFS
options         PSEUDOFS
options         GEOM_PART_GPT
options         GEOM_LABEL
options         COMPAT_43TTY
options         COMPAT_FREEBSD4
options         COMPAT_FREEBSD5
options         COMPAT_FREEBSD6
options         SCSI_DELAY=5000
options         KTRACE
options         STACK
options         SYSVSHM
options         SYSVMSG
options         SYSVSEM
options         P1003_1B_SEMAPHORES
options         _KPOSIX_PRIORITY_SCHEDULING
options         KBD_INSTALL_CDEV
options         ADAPTIVE_GIANT
options         STOP_NMI
options         AUDIT
options         SMP
device          apic
device          cpufreq
device          eisa
device          pci
device          ata
device          atadisk
device          atapicd
options         ATA_STATIC_ID
device          atkbdc
device          atkbd
device          kbdmux
device          vga
device          splash
device          sc
device          agp
device          pmtimer
device          em
device          miibus
device          rl
device          loop
device          random
device          ether
device          sl
device          ppp
device          tun
device          pty
device          md
device          gif
device          faith
device          firmware
device          bpf
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_FORWARD
options         IPFIREWALL_VERBOSE_LIMIT=100
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT
options         ACCEPT_FILTER_DATA
options         ACCEPT_FILTER_HTTP
options         DUMMYNET
options         IPSTEALTH

server# config FIREWALL

Kernel build directory is ../compile/FIREWALL
Don’t forget to do “make cleandepend && make depend”

server# cd ../compile/FIREWALL/
server# make cleandepend && make depend

…
…
…
===> zlib (depend)
@ -> /usr/src/sys
machine -> /usr/src/sys/i386/include
rm -f .depend
mkdep -f .depend -a -nostdinc -D_KERNEL -DKLD_MODULE -DHAVE_KERNEL_OPTION_HEADERS -I. -I@ -I@/contrib/altq -I/usr/src/sys/i386/compile/FIREWALL /usr/src/sys/modules/zlib/../../net/zlib.c
===> zyd (depend)
@ -> /usr/src/sys
machine -> /usr/src/sys/i386/include
ln -sf /usr/src/sys/i386/compile/FIREWALL/opt_usb.h opt_usb.h
awk -f @/tools/makeobjops.awk @/kern/device_if.m -h
awk -f @/tools/makeobjops.awk @/kern/bus_if.m -h
awk -f @/tools/usbdevs2h.awk @/dev/usb/usbdevs -h
rm -f .depend
mkdep -f .depend -a -nostdinc -D_KERNEL -DKLD_MODULE -DHAVE_KERNEL_OPTION_HEADERS -I. -I@ -I@/contrib/altq -I/usr/src/sys/i386/compile/FIREWALL /usr/src/sys/modules/zyd/../../dev/usb/if_zyd.c

server# make
server# make install
server# make clean

Jika tidak ada error, proses compile berakhir disini.
Selanjutnya mengaktifkan firewall yang telah ditambahkan pada kernel.

server# ee /etc/rc.conf

Tambahkan baris berikut pada file /etc/rc.conf

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
firewall_quiet="YES"

Keluar dari editor dan simpan.
Aktifkan kernel baru dengan me-reboot komputer :

server# reboot

Lihat kernel yang aktif setelah optimasi dan compile:

server# uname -a

FreeBSD server.devilian.com 7.2-STABLE FreeBSD 7.2-STABLE #0: Mon Sep 7 17:56:30 WIT 2009 root@server.devilian.com:/usr/src/sys/i386/compile/FIREWALL i386

Cek apakah firewall (ipfw) telah aktif :

server# ipfw show

00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 210 22826 allow ip from any to any
65535 0 0 allow ip from any to any

Bandingkan hasil dmesg setelah optimasi kernel :

server# dmesg

Copyright (c) 1992-2009 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.2-STABLE #0: Mon Sep 7 17:56:30 WIT 2009
root@server.devilian.com:/usr/src/sys/i386/compile/FIREWALL
Timecounter “i8254″ frequency 1193182 Hz quality 0
CPU: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz (1999.97-MHz 686-class CPU)
Origin = “GenuineIntel” Id = 0x6f2 Stepping = 2
Features=0x78bf3bf
Features2=0×9
real memory = 536805376 (511 MB)
avail memory = 515543040 (491 MB)
pnpbios: Bad PnP BIOS data checksum
kbd1 at kbdmux0
acpi0: on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: Sleep Button (fixed)
Timecounter “ACPI-safe” frequency 3579545 Hz quality 850
acpi_timer0: <32-bit timer at 3.579545MHz> port 0×4008-0x400b on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
isab0:
at device 1.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0×170-0×177,0×376,0xd000-0xd00f at device 1.1 on pci0
ata0: on atapci0
ata0: [ITHREAD]
ata1: on atapci0
ata1: [ITHREAD]
vgapci0: mem 0xe0000000-0xe07fffff at device 2.0 on pci0
em0: port 0xd010-0xd017 mem 0xf0000000-0xf001ffff irq 11 at device 3.0 on pci0
em0: [FILTER]
em0: Ethernet address: 08:00:27:09:12:15
pci0: at device 4.0 (no driver attached)
pci0: at device 7.0 (no driver attached)
em1: port 0xd040-0xd047 mem 0xf0820000-0xf083ffff irq 10 at device 8.0 on pci0
em1: [FILTER]
em1: Ethernet address: 08:00:27:29:16:ed
acpi_acad0: on acpi0
atkbdc0: port 0×60,0×64 irq 1 on acpi0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
pmtimer0 on isa0
orm0: at iomem 0xc0000-0xc8fff,0xe2000-0xe2fff pnpid ORM0000 on isa0
sc0: at flags 0×100 on isa0
sc0: VGA <16 virtual consoles, flags=0×300>
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter “TSC” frequency 1999967452 Hz quality 800
Timecounters tick every 1.000 msec
ipfw2 (+ipv6) initialized, divert enabled, nat loadable, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default
ad0: 20480MB at ata0-master UDMA33
acd0: DVDROM at ata1-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a

Proses optimasi dan compile kernel selesai.